Anomali February Quarterly Product Release

Anomali will be announcing the release of the Anomali Platform, a cloud-native extended detection and response solution, among other product updates.
Published on February 28, 2022

Anomali has made its mark delivering Threat Intelligence powered detection and response with its ThreatStream, Match, and Lens portfolio. Now, we've expanded upon that leadership position by continuing to innovate and deliver the essential capabilities and XDR solutions our customers have been wanting.

Key Highlights for this Quarter Include:

  • Introducing Match in the Cloud
  • Announcing The Anomali Platform
  • Increased Insights with Intelligence Initiatives
  • Extended Rules Engine Supporting Advanced Search Queries
  • On-Prem 5.3 Release with Intelligence Initiatives and More
  • Cybersecurity Insights Report and Blog Series

Read more below to see what our incredible team has been working on this quarter.

Introducing Match in the Cloud

At the core of this new release is the hard work the team has done to introduce Match, Anomali’s big data threat detection engine, as a cloud-native deployment. By moving Match to the cloud, we’ve introduced new cloud capabilities that work together with existing ThreatStream and Lens capabilities in a cloud-native environment.

With Match Cloud, we have unlocked our capability to ingest data from any telemetry source and access our global repository of threat intelligence to deliver high-performance indicator correlation at a rate of 190 trillion EPS.

With Match Cloud, customers can add internal log sources and telemetry freely, leveraging the power of resource-intensive technologies that improve overall effectiveness and efficiencies.

Match is available in both cloud and on-premise deployment options. Take our interactive tour to learn more.

Announcing The Anomali Platform

As I mentioned above, moving Match to the cloud created synergistic threat detection and response capabilities in a cloud-native environment across the entire Anomali portfolio. With that, we’re able to offer fully cloud-native multi-tenant solutions that easily integrate into existing security tech stacks.

We’re excited to introduce The Anomali Platform, a cloud-native extended detection and response (XDR) solution. The Anomali Platform is made up of critical components that work together to ingest security data from any telemetry source and correlate it with our global repository of threat intelligence to drive detection, prioritization, analysis, and response.

Included in The Anomali Platform are:

  • Anomali Match
  • Anomali ThreatStream
  • Anomali Lens

By combining big data management, machine learning, and the world’s largest global threat intelligence repository, organizations can understand what’s happening inside and outside their network within seconds.

Read the Enterprise Management Associates (EMA) Impact Brief to see what they had to say about The Anomali Platform, or take our interactive tour to learn more. And keep an eye out for our live event coming in mid-April.

Increased Insights with Intelligence Initiatives

Since their release, Intelligence Initiatives have proven to be an effective tool in helping organizations align their intelligence goals and workflows around specific tasks.

With this release, we’ve introduced more out-of-the-box options that offer increased granularity and visibility, including:

  • Granular Intelligence Requirements that enable users to associate intelligence and user activity with specific aspects of analyst work
  • Built-in dashboards with additional insights and information for stakeholders about current Intelligence Initiatives
  • Increased ability to associate ThreatStream entities to an Initiative, allowing an organization to attribute more of their work and research to chosen initiatives, including the attribution of intelligence from Sandbox detonations and manually imported intelligence

This update is currently available as a Cloud-only update for ThreatStream customers until future appliance releases.

Extended Rules Engine Support with Advanced Search Queries

ThreatStream allows customers to manage the collection, curation, normalization, and integration of threat intelligence from many sources into their research and operational environments. With ThreatStream’s rules functionality, users can closely monitor new and updated intelligence.

In this release, we’ve added advanced search-based rules on threat entities, including conditions and operators, giving users greater control in pinpointing the appropriate alerts so teams can manage their highest-priority threat intelligence updates. The new advanced-search rules also allow a retrospective selection of intelligence updates.

On-Prem 5.3 Release with Intelligence Initiatives and More

It’s not all about the cloud, as this month also brings ThreatStream On-Prem customers a feature-rich release with v5.3, including:

  • Advanced Saved Search functionality to Threat Models and custom dashboards
  • STIX TAXII server now provides immediate access to your local dataset [serving local observables only]
  • Support for MITRE ATT&CK Attack Patterns and MITRE Version management [up to v9, in Security Coverage and Investigations]
  • Introduction of Intelligence Initiatives to represent organizational intelligence goals [for local intelligence via local initiatives]
  • Organization-specific intelligence highlights when scanning pages with Lens, as well as Office 365 and PDF support for Lens+ customers
  • Workgroup-based dashboards displaying user activity data broken down by workgroup

Cybersecurity Insights Report and Blog Series

Anomali recently released our Cybersecurity Insights Report 2022, which outlined key challenges enterprise organizations face daily. In addition to the report, readers can follow along with our new bi-weekly blog series as I explore the Top 10 Cybersecurity Challenges Enterprise Organizations Face and take a deep dive into each of them.

You can read the first in the series here or download the report for more insights.

Until next quarter, stay safe!
